American Express Compliance Program

The American Express Compliance Program validates that merchants are committed to protecting Cardholder Data and Sensitive Authentication Data. Non-compliance can lead to PCI fees, non-validation fees and termination of agreement with American Express.

SOC-2

One Inc is compliant with the SOC-2 Type 2 reporting framework.

Service Organization Controls (SOC-2), developed by the American Institute of Certified Public Accountants (AICPA), is a set of standards for managing customer data to protect privacy against malicious actors. With the extent of sensitive data insurance companies need to protect, their vendors must have the right oversight across their organizations.

Payment Vehicles

Wells Fargo PINLess

One Inc is a fully compliant, PINLess Debit Service Provider.

Wells Fargo’s PINless Compliance Assessment Program (PCAP) addresses the risk of processing debit cards without the security of a required PIN. Non-compliance can lead to fines or penalties.

Mastercard GRMP Payment Facilitator

The Mastercard GRMP Payment Facilitator Review is conducted by Mastercard’s Global Risk Management Program staff, examining the ability to manage, anticipate, and protect against fraud and other risks. Failed reviews can lead to fines up to $500k and deregistration.

Federal Legislation

FACTA (Fair and Accurate Credit Transactions Act)

One Inc is compliant with the Fair and Accurate Credit Transactions Act (FACTA).

FACTA requires companies that collect personal information to properly protect and dispose of it. Non-compliance penalties can be up to $2500 per violation.

GLBA (Gramm-Leach-Bliley Act)

One Inc complies with the Gramm-Leach-Bliley Act (GLBA).

GLBA requires financial institutions to safeguard sensitive customer data (names, addresses, bank and credit card account numbers, and more) and explain their information-sharing practices to their customers. Non-compliance can lead to fines of up to $100k for each violation or even imprisonment.

TCPA (Telephone Consumer Protection Act)

One Inc complies with the Telephone Consumer Protection Act (TCPA).

TCPA restricts telephone solicitations and requires telemarketers to transmit caller ID information. Individuals can sue for up to $1500 for a willful violation.

HIPAA (Health Insurance Portability and Accountability Act)

One Inc complies with the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA reduces health care fraud and abuse by mandating industry-wide standards for health care information on electronic billing and other processes. It also requires the protection and confidential handling of protected health information. Non-compliance penalties can range from $100 to $50,000 per violation with a maximum penalty of $1.5M per year.